By making multiple successive authorization attempts to connect to therouter, it is eventually possible to authenticate with anyusername/password combination. While the root cause of the vulnerabilityis not known, exploitation is trivial and does not require either aknown username or password.

III. ANALYSIS

Successful exploitation allows an attacker to perform any administrativefunction that a legitimate administrator could perform.

The Common Vulnerabilities and Exposures (CVE) project has assigned thename CAN-2004-0477 to this issue. This is a candidate for inclusion inthe CVE list (http://cve.mitre.org), which standardizes names forsecurity problems.